Diffstat (limited to '')
-rw-r--r--NEWS3
-rw-r--r--dirmngr/ks-engine-ldap.c78
-rw-r--r--g10/keygen.c31
3 files changed, 91 insertions, 21 deletions
diff --git a/NEWS b/NEWS
index 212a54db7..a43fe024f 100644
--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,9 @@ Noteworthy changes in version 2.5.9 (unreleased)
* gpg: Add the revocation reason to the sigclass of a "rev" line.
Regression in 2.5.7. [T7073]
+ * gpg: Do not show the non-standard secp256k1 curve in the menu to
+ select the curve. It can however be specified using its name.
+
Release-info: https://dev.gnupg.org/T7695
diff --git a/dirmngr/ks-engine-ldap.c b/dirmngr/ks-engine-ldap.c
index 4ad021b73..ff4f005f4 100644
--- a/dirmngr/ks-engine-ldap.c
+++ b/dirmngr/ks-engine-ldap.c
@@ -154,6 +154,9 @@ epoch2ldaptime (time_t stamp)
#endif
+/*
+ * Begin LDAP wrappers
+ */
static void
my_ldap_value_free (char **vals)
{
@@ -162,6 +165,66 @@ my_ldap_value_free (char **vals)
}
+/* LDAP wrappers to cope with the stupid use of ULONG instead of int in
+ * the Windows LDAP interface. rfc1823 alsways uses int and thus
+ * ldap_parse_result should also do this. */
+#ifdef HAVE_W32_SYSTEM
+static int
+my_ldap_return_with_check (ULONG l_err)
+{
+ if ((int)l_err < 0)
+ {
+ log_error ("oops: LDAP returned a negative error code (0x%lx)\n", l_err);
+ l_err = LDAP_OTHER;
+ }
+ return (int)l_err;
+}
+#endif
+
+static int
+my_ldap_parse_result (LDAP *ld, LDAPMessage *result,
+ int *errcodep, char **matcheddnp, char **errmsgp,
+ char ***referralsp, LDAPControl ***serverctrlsp,
+ int freeit)
+{
+#ifdef HAVE_W32_SYSTEM
+ ULONG l_err;
+ ULONG l_errcode;
+ l_err = ldap_parse_result (ld, result,
+ errcodep? &l_errcode : NULL,
+ matcheddnp, errmsgp,
+ referralsp, serverctrlsp, freeit);
+ if (errcodep)
+ *errcodep = l_errcode;
+ return my_ldap_return_with_check (l_err);
+#else
+ return ldap_parse_result (ld, result, errcodep, matcheddnp, errmsgp,
+ referralsp, serverctrlsp, freeit);
+#endif
+}
+
+
+static int
+my_ldap_parse_page_control (LDAP *ld, LDAPControl **ctrls,
+ int *count, struct berval **cookie)
+{
+#ifdef HAVE_W32_SYSTEM
+ ULONG l_err;
+ ULONG l_count;
+ l_err = ldap_parse_page_control (ld, ctrls, count? &l_count: NULL, cookie);
+ if (count)
+ *count = l_count;
+ return my_ldap_return_with_check (l_err);
+#else
+ return ldap_parse_page_control (ld, ctrls, count, cookie);
+#endif
+}
+
+/*
+ * End LDAP wrappers
+ */
+
+
/* Print a description of supported variables. */
void
ks_ldap_help_variables (ctrl_t ctrl)
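Review bot: On the HAVE_W32_SYSTEM path of my_ldap_parse_result the value of `l_errcode` is copied through `errcodep` unconditionally, yet nothing guarantees that ldap_parse_result has stored to it when it returns an error, so the caller can receive an indeterminate value; my_ldap_parse_page_control has the same pattern with `l_count`. Initialising both, `ULONG l_errcode = 0;` and `ULONG l_count = 0;`, or copying only when `l_err == LDAP_SUCCESS`, removes the read of an uninitialised object. Separately, the wrapper is declared with `int *count`, while the search_and_parse hunk further down passes `&totalcount`, which that hunk declares as `unsigned int`; the two should agree (for instance `int totalcount = 0;` at the declaration) so the call does not rely on an incompatible-pointer conversion. The narrowing in `*errcodep = l_errcode` and `*count = l_count` is presumably harmless for LDAP result codes and page counts, but a one-line comment saying why the ULONG-to-int conversion is acceptable would help the next reader.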
@@ -1356,10 +1419,11 @@ search_and_parse (ctrl_t ctrl, const char *keyspec,
char **attrs, LDAPMessage **r_message)
{
gpg_error_t err = 0;
- int l_err, l_reserr;
+ int l_err;
+ int l_reserr;
+ unsigned int totalcount = 0;
LDAPControl *srvctrls[2] = { NULL, NULL };
int count;
- unsigned int totalcount = 0;
LDAPControl *pagectrl = NULL;
LDAPControl **resctrls = NULL;
@@ -1399,8 +1463,8 @@ search_and_parse (ctrl_t ctrl, const char *keyspec,
if (ctrl->ks_get_state)
{
- l_err = ldap_parse_result (ldap_conn, *r_message, &l_reserr,
- NULL, NULL, NULL, &resctrls, 0);
+ l_err = my_ldap_parse_result (ldap_conn, *r_message, &l_reserr,
+ NULL, NULL, NULL, &resctrls, 0);
if (l_err)
{
err = ldap_err_to_gpg_err (l_err);
@@ -1414,9 +1478,9 @@ search_and_parse (ctrl_t ctrl, const char *keyspec,
ber_bvfree (ctrl->ks_get_state->pagecookie);
ctrl->ks_get_state->pagecookie = NULL;
}
- l_err = ldap_parse_page_control (ldap_conn, resctrls,
- &totalcount,
- &ctrl->ks_get_state->pagecookie);
+ l_err = my_ldap_parse_page_control (ldap_conn, resctrls,
+ &totalcount,
+ &ctrl->ks_get_state->pagecookie);
if (l_err)
{
err = ldap_err_to_gpg_err (l_err);
diff --git a/g10/keygen.c b/g10/keygen.c
index 6658bbbc4..c67535679 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -3152,6 +3152,7 @@ ask_curve (int *algo, int *subkey_algo, const char *current)
unsigned int supported : 1; /* Supported by gpg. */
unsigned int de_vs : 1; /* Allowed in CO_DE_VS. */
unsigned int expert_only : 1; /* Only with --expert */
+ unsigned int no_listing : 1; /* Do not show in the menu */
unsigned int available : 1; /* Available in Libycrypt (runtime checked) */
} curves[] = {
#if GPG_USE_ECDSA || GPG_USE_ECDH
@@ -3159,15 +3160,15 @@ ask_curve (int *algo, int *subkey_algo, const char *current)
#else
# define MY_USE_ECDSADH 0
#endif
- { "Curve25519", "Ed25519", "Curve 25519", !!GPG_USE_EDDSA, 0, 0, 0 },
- { "X448", "Ed448", "Curve 448", !!GPG_USE_EDDSA, 0, 1, 0 },
- { "NIST P-256", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 },
- { "NIST P-384", NULL, NULL, MY_USE_ECDSADH, 0, 0, 0 },
- { "NIST P-521", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 },
- { "brainpoolP256r1", NULL, "Brainpool P-256", MY_USE_ECDSADH, 1, 0, 0 },
- { "brainpoolP384r1", NULL, "Brainpool P-384", MY_USE_ECDSADH, 1, 1, 0 },
- { "brainpoolP512r1", NULL, "Brainpool P-512", MY_USE_ECDSADH, 1, 1, 0 },
- { "secp256k1", NULL, NULL, MY_USE_ECDSADH, 0, 1, 0 },
+ { "Curve25519", "Ed25519", "Curve 25519", !!GPG_USE_EDDSA, 0,0,0,0 },
+ { "X448", "Ed448", "Curve 448", !!GPG_USE_EDDSA, 0,1,0,0 },
+ { "NIST P-256", NULL, NULL, MY_USE_ECDSADH, 0,1,0,0 },
+ { "NIST P-384", NULL, NULL, MY_USE_ECDSADH, 0,0,0,0 },
+ { "NIST P-521", NULL, NULL, MY_USE_ECDSADH, 0,1,0,0 },
+ { "brainpoolP256r1", NULL, "Brainpool P-256", MY_USE_ECDSADH, 1,0,0,0 },
+ { "brainpoolP384r1", NULL, "Brainpool P-384", MY_USE_ECDSADH, 1,1,0,0 },
+ { "brainpoolP512r1", NULL, "Brainpool P-512", MY_USE_ECDSADH, 1,1,0,0 },
+ { "secp256k1", NULL, NULL, MY_USE_ECDSADH, 0,1,1,0 },
};
#undef MY_USE_ECDSADH
int idx;
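Review bot: The flag columns of the curves table are positional, which is why inserting `no_listing` before `available` forced every row to be rewritten, and the resulting `0,1,1,0` groups give no hint of which flag is which. If the project's baseline permits C99 designated initializers, naming the flags keeps the intent visible and makes the next field insertion a one-row change, e.g. `{ "secp256k1", NULL, NULL, MY_USE_ECDSADH, .expert_only = 1, .no_listing = 1 },` with the remaining rows written the same way. The table and the enclosing ask_curve continue outside the hunk.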
@@ -3220,10 +3221,11 @@ ask_curve (int *algo, int *subkey_algo, const char *current)
}
curves[idx].available = 1;
- tty_printf (" (%d) %s%s\n", idx + 1,
- curves[idx].pretty_name?
- curves[idx].pretty_name:curves[idx].name,
- idx == 0? _(" *default*"):"");
+ if (!curves[idx].no_listing)
+ tty_printf (" (%d) %s%s\n", idx + 1,
+ curves[idx].pretty_name?
+ curves[idx].pretty_name:curves[idx].name,
+ idx == 0? _(" *default*"):"");
}
gcry_sexp_release (keyparms);
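Review bot: The printed menu number stays `idx + 1` for entries that are skipped, so a hidden row leaves a gap in the numbering; today secp256k1 is the last row and the gap is invisible, but a hidden row in the middle would show it. Keeping the number appears deliberate, since the answer is mapped back to `curves[]` by index later in ask_curve, and a comment on the new `if` would make that explicit, e.g. `/* Unlisted curves keep their number so the answer still indexes curves[] directly. */`. ask_curve continues outside the hunk.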
@@ -3238,7 +3240,8 @@ ask_curve (int *algo, int *subkey_algo, const char *current)
xfree(answer);
return NULL;
}
- else if (*answer && !idx)
+ else if (*answer && (!idx || (idx > 0 && idx <= DIM (curves)
+ && curves[idx-1].no_listing)))
{
/* See whether the user entered the name of the curve. */
for (idx=0; idx < DIM(curves); idx++)
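Review bot: The widened condition on the `else if` is hard to read without context: it sends the answer to the name lookup both when it is non-numeric (`!idx`) and when it is the number of a curve flagged `no_listing`, presumably so that a hidden curve cannot be chosen by its menu number while its name is still accepted. A comment above the branch such as `/* Non-numeric input, or the number of an unlisted curve, is looked up as a curve name. */` would record that intent. `idx` is an int compared against `DIM (curves)`, which is presumably a size_t expression; the preceding `idx > 0` keeps the mixed-sign comparison correct, though `-Wsign-compare` may still warn, which `idx <= (int)DIM (curves)` would silence. ask_curve continues outside the hunk.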